Tom Eastep
96f5aec71f
Add ZONE_BITS configuration option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 10:40:47 -08:00
Tom Eastep
fe09646bed
Make zone types a power of 2.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 09:23:39 -08:00
Tom Eastep
348c6c8cf7
Correct handling of LOGMARK
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 07:22:07 -08:00
Tom Eastep
d096b9399a
Fix '\!' handling in validate_level()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-15 16:41:32 -08:00
Tom Eastep
afaf0d9de8
Trivial optimiation in validate_level()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-13 06:19:40 -08:00
Tom Eastep
28a1087cd4
Cleanup of rewritten validate_level()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-13 05:58:59 -08:00
Tom Eastep
73ed66b9b9
Add ULOG and NFLOG capabilities plus LOGMARK for IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-12 14:10:48 -08:00
Tom Eastep
bf010dc03e
Macro changes from Tuomo Soini
2011-11-11 15:08:57 -08:00
Tom Eastep
ffec7a4d95
More corrections to wildcard interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-11 07:29:44 -08:00
Tom Eastep
04dfe26549
Remove two unused variables.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-11 05:23:37 -08:00
Tom Eastep
972721facb
Remove some white space
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 17:52:25 -08:00
Tom Eastep
6813409c31
Make the previous patch a bit cleaner
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 07:19:21 -08:00
Tom Eastep
d85f6970e3
Fix wildcard interfaces
...
- Suppress extra jumps to interface chains.
- Insure that the 'lo' ACCEPT rule doesn't get masked by a wildcard interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 06:53:48 -08:00
Tom Eastep
83d373c0aa
More documentation cleanup.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 06:52:14 -08:00
Tom Eastep
7ebf5a4284
Correct links in shorewall.conf manpage
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-09 09:56:59 -08:00
Tom Eastep
d053faadde
Allow convertion of a legacy blacklist configuration
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-08 12:59:40 -08:00
Tom Eastep
6108a9cad8
Delete BLACKLISTSECTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 14:46:14 -08:00
Tom Eastep
da7516d401
Update config files and manpages for BLACKLISTSECTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 12:05:07 -08:00
Tom Eastep
b0103a51d5
Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall
2011-11-06 08:44:26 -08:00
Tom Eastep
1091c24348
Implement the BLACKLISTSECTION option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 08:43:38 -08:00
Tom Eastep
755ed9859b
Merge branch '4.4.25' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall
2011-11-06 06:16:43 -08:00
Roberto C. Sanchez
cf8c30904d
Add support for a "status" command to the Debian init scripts
...
(cherry picked from commit d36a2030ea
)
2011-11-06 09:10:59 -05:00
Tom Eastep
38d1a2ada9
Add DropSmurfs and TCPFlags to the IPv6 actions.std file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-05 07:54:21 -07:00
Tom Eastep
d883e45f83
Correct 'start -f' with AUTOMAKE=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-05 07:54:05 -07:00
Tom Eastep
e236be37db
Include the rawpost table in dump output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-05 07:52:40 -07:00
Tom Eastep
a842fad629
Mention that 'ignore' exempts the inteface from hairpin filtering.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-04 13:49:23 -07:00
Tom Eastep
689e9b0fe1
Make replacement of '+' by '*' global in case statements.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-04 13:49:10 -07:00
Tom Eastep
aed595f1d8
Document the 'ignore' interface option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-04 08:51:56 -07:00
Tom Eastep
352dba1aac
More cleanup of the IN_BANDWIDTH code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-02 06:34:35 -07:00
Roberto C. Sanchez
d36a2030ea
Add support for a "status" command to the Debian init scripts
2011-11-01 19:55:02 -04:00
Tom Eastep
b9a7374130
Omit estimator when no avrate.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 11:16:51 -07:00
Tom Eastep
cfa33e894f
Restore IN_BANDWIDTH functionality on moribund distributions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 07:02:32 -07:00
Tom Eastep
8b8140cc9f
Add 'Basic Filter' capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 06:34:57 -07:00
Tom Eastep
f3b5d5585f
Correct detection of FLOW_FILTER
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 06:21:34 -07:00
Tom Eastep
0a605c63f2
Add note about separate blacklist file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-31 08:46:11 -07:00
Tom Eastep
dc1f815679
Reload blacklistsection chains even when legacy blacklisting is used.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-31 08:04:32 -07:00
Tom Eastep
29f6f6e3f2
Allow 'refresh' to reload chains from the BLACKLIST section.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-30 06:05:24 -07:00
Tom Eastep
e997b7e662
Update Build doc to reflect change to 'setversion'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-30 05:26:23 -07:00
Tom Eastep
16457ce85b
Evaluate a variable at compile-time rather than at run-time
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-27 07:07:38 -07:00
Tom Eastep
3aac252645
Cleanup of IPv6 config files and manpages
...
- Add BLACKLIST section to IPv6 rules files.
- Add USE_DEFAULT_RT to the shorewall6.conf files and to the manpage.
2011-10-26 05:59:27 -07:00
Tom Eastep
5e97dc1954
Fold long lines in the FAQ
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-25 14:28:18 -07:00
Tom Eastep
c319921365
Correct validation of 4in6 addresses
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-25 06:19:34 -07:00
Tom Eastep
3258806f6c
Insure that 32767 default rule exists on IPv6.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 21:15:09 -07:00
Tom Eastep
ccdda4c73b
Tighten the rule compatibility test in sub compatible().
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 13:16:17 -07:00
Tom Eastep
3c98094242
Combine all IPV6 filtering in the routing table copy routines
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 13:15:36 -07:00
Tom Eastep
14764acd2d
Restore a blank line in the generated script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 08:50:15 -07:00
Tom Eastep
3ce5449257
Change the Caution at the top of the FAQs to refer to 4.4 rather than 4.3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 06:23:33 -07:00
Tom Eastep
ee66be8f32
Place all ip-address rules at priority 20000.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-23 17:11:41 -07:00
Tom Eastep
54ba4ed879
Add MARK column to route_rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-23 07:56:53 -07:00
Tom Eastep
2316162d86
Fix last section of two-interface doc
2011-10-22 16:22:44 -07:00